Hi,
I'm currently migrating a non-Freenas system to FreeNAS-11.2-RELEASE-U1.
After i set up the SMB shares (+ ACL permissions) and moved the data, Windows clients can't alter these files.
But they are able to remove/paste the files. On linux everything works fine.
After some tracing I found out that files owned only by root are causing troubles for Windows systems.
My setup:
I set up the user and groups according to my permission plan.
I initialized a ZFS pool with a couple datasets, where the share type is set to Windows. The owner of the dataset is root, the group is the main group using the dataset.
As an example, the dataset "Kernteam" is owned by root und as group "Kernteam" is used.
To deny access for everybody and preventing "Kernteam" members doing messy things, i set these permissions:
setfacl -m group@:rwxpDdaRcs:fd:allow,everyone@:::allow /mnt/MAINSTOREHDD/Kernteam
getfacl gives me following output:
Following output is returned for this share by testparm:
Following output is returned by smbcacls:
The data itself was copied by the root of the Freenas machine using smbmount from the old NAS system.
Have someone any ideas, why this is happening?
I'm currently migrating a non-Freenas system to FreeNAS-11.2-RELEASE-U1.
After i set up the SMB shares (+ ACL permissions) and moved the data, Windows clients can't alter these files.
But they are able to remove/paste the files. On linux everything works fine.
After some tracing I found out that files owned only by root are causing troubles for Windows systems.
My setup:
I set up the user and groups according to my permission plan.
I initialized a ZFS pool with a couple datasets, where the share type is set to Windows. The owner of the dataset is root, the group is the main group using the dataset.
As an example, the dataset "Kernteam" is owned by root und as group "Kernteam" is used.
To deny access for everybody and preventing "Kernteam" members doing messy things, i set these permissions:
setfacl -m group@:rwxpDdaRcs:fd:allow,everyone@:::allow /mnt/MAINSTOREHDD/Kernteam
getfacl gives me following output:
Code:
getfacl /mnt/MAINSTOREHDD/Kernteam # file: /mnt/MAINSTOREHDD/Kernteam # owner: root # group: Kernteam owner@:rwxpDdaARWcCos:fd-----:allow group@:rwxpDda-R-c--s:fd-----:allow everyone@:--------------:-------:allow
Following output is returned for this share by testparm:
Code:
[Kernteam] path = "/mnt/MAINSTOREHDD/Kernteam" read only = No veto files = /.snapshot/.windows/.mac/.zfs/ vfs objects = zfs_space zfsacl streams_xattr zfsacl:acesort = dontcare nfs4:chown = true nfs4:acedup = merge nfs4:mode = special
Following output is returned by smbcacls:
Code:
REVISION:1 CONTROL:SR|DP OWNER:ALTIS\root GROUP:ALTIS\Kernteam ACL:ALTIS\root:ALLOWED/OI|CI/FULL ACL:ALTIS\Kernteam:ALLOWED/OI|CI/0x001300ef ACL:Everyone:ALLOWED/0x0/0x00100000
The data itself was copied by the root of the Freenas machine using smbmount from the old NAS system.
Have someone any ideas, why this is happening?